package com.szholly.plug.safe.security;

import java.util.ArrayList;
import java.util.Collection;

import javax.servlet.http.Cookie;

import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.szholly.utils.session.CurrentSessionHelper;
import com.szholly.utils.spring.SpringBeanFactory;
import com.szholly.plug.safe.entity.role.RoleInitHelper;
import com.szholly.plug.safe.entity.user.SuperAdmin;
import com.szholly.plug.safe.entity.user.UserEntity;
import com.szholly.plug.safe.login.LoginLock;

/**
 * 定义用户获取服务
 */
@SuppressWarnings("deprecation")
public class MyUserDetailService implements UserDetailsService {

	private String orgid;
	
	public String getOrgid() {
		return orgid;
	}

	public void setOrgid(String orgid) {
		this.orgid = orgid;
	}
	
	@Override
	public UserDetails loadUserByUsername(String uname)
			throws UsernameNotFoundException {
		SuperAdmin superAdmin = (SuperAdmin) SpringBeanFactory.getBean("superAdmin");
		UserEntity userEntity = null;
		// 优先处理超级管理员
		if(superAdmin.isCanUsed() && superAdmin.getUserName().equals(uname)){
			userEntity = new UserEntity();
			userEntity.setOrgID(superAdmin.getOrgID());
			userEntity.setPassword(superAdmin.getPassword());
			userEntity.setUserID(superAdmin.getUserID());
			userEntity.setUserName(superAdmin.getUserName());
			userEntity.setUserRealName(superAdmin.getRealName());
			userEntity.setOrgName(superAdmin.getOrgName());
			userEntity.setDW(superAdmin.getDw());
			userEntity.setIsSuperAdmin(true);
			userEntity.setDEPTID(superAdmin.getDeptID());
			userEntity.setDEPTName(superAdmin.getDeptName());
			Collection<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();
			roles.add(new GrantedAuthorityImpl("FS"));
			return new CustomUserDetails(userEntity, roles);
		}else{
			if(!LoginLock.getCanLogin(uname)){
				userEntity = null;
				throw new AuthenticationServiceException("当前帐号已被锁定，请10分钟后再登陆！");
			}else{
				userEntity = RoleInitHelper.getUser(uname,orgid);
				// 上面一句话是从数据库中通过用户登录帐号获得数据库中的一个实体
				// 在这个地方加入对当前用户登录失败的判断
				// 1.在XX分钟内失败次数没有达到3次，继续下面流程
				// 2.在XX分钟内失败次数达到3次，userEntity给null值，并抛出AuthenticationServiceException异常
				if (userEntity == null) {
					// 在这里记录用户登录失败一次，记录帐号+登录时间
					LoginLock.setLogin(uname);
					throw new AuthenticationServiceException("用户名或密码错误！");
				} else {
					if(superAdmin.isAllUserIsSuperAdmin()){
						userEntity.setIsSuperAdmin(true);
					}
					//解决会话标识未更新安全漏洞
					CurrentSessionHelper.getCurrentSession().invalidate();//清空session
					Cookie cookie = CurrentSessionHelper.getCurrentHttpServletRequest().getCookies()[0];//获取cookie
					cookie.setMaxAge(0);//让cookie过期
					Collection<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();
					roles.add(new GrantedAuthorityImpl("FS"));
					return new CustomUserDetails(userEntity, roles);
				}
			}
		}
	}
}